OpenID Connect behavior


Article ID: 121501


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On


We'd like to know if the following token issued by CA Single Sign-On
is a JWT Signed Token.

The first part of the decrypted token doesn't have the "typ" header
and as such we'd like you to confirm that this token is a JWT. 

kid: "65804645-989e-4833-8dd7-f17c7782ea00", 
alg: "RS256" 

sub: "CN=myname,OU=myuser,O=myorganization", 
aud: "c11d5f88-3bba-4a66-8faf-58d6bbb8547z", 
mail: "[email protected]", 
auth_time: 1540223760, 
iss: "https:\/\/", 
exp: 1540227660, 
permisos: "Rol2^Rol1", 
iat: 1540223760, 
nonce: "5zugzYdnoOoIKAxbxwqHmVoxFvtlLoeo8i8Hluvzsiie", 
nombre: "Name of myname" 


Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP


The "typ" header parameter is optional. The JSON Web Token (JWT) specification says of it:

"Use of this Header Parameter is OPTIONAL."

The section:

kid: "65804645-989e-4833-8dd7-f17c7782ea00",
alg: "RS256"

contains the JWS header parameters issued by CA Single Sign-On.

CA SSO 12.8 is a certified OpenID Connect
implementation. Please refer to the link below for information.

So CA SSO 12.8 is a certified OpenID Connect implementation, and the
OpenID Connect 1.0 specification already establishes that the ID Token
is a JWT whose contents are signed and, optionally, encrypted.
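
The structural check described above, as an added example (not CA Single Sign-On code): it decodes the JOSE header of a compact token, classifies it as JWS or JWE, and shows that a missing "typ" does not stop the token from being a JWT. The sample token is constructed from the header and claims quoted in the question, with a placeholder issuer and signature; the function names and the algorithm allowlist are assumptions, and the signature is not verified.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url, the encoding of every compact JWS/JWE segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def classify_token(token: str, allowed_algs=("RS256",)) -> dict:
    """Structural inspection only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) not in (3, 5):
        raise ValueError("not a compact JWS/JWE: %d segments" % len(parts))
    kind = "JWS" if len(parts) == 3 else "JWE"
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict) or "alg" not in header:
        raise ValueError("JOSE header must be a JSON object carrying 'alg'")
    # "typ" is optional, so its absence is recorded but never treated as an error.
    result = {"kind": kind, "header": header, "typ_present": "typ" in header}
    if kind == "JWE":
        return result  # claims are encrypted; decrypt before inspecting them
    if header["alg"] not in allowed_algs:  # rejects "none" and unexpected algorithms
        raise ValueError("algorithm %r is not on the allowlist" % header["alg"])
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload must be a JSON object")
    # Claims that OpenID Connect Core requires in every ID Token.
    required = ("iss", "sub", "aud", "exp", "iat")
    result["missing_claims"] = [c for c in required if c not in claims]
    return result

def build_sample(header: dict, claims: dict) -> str:
    """Assemble a constructed token with a placeholder (invalid) signature."""
    segments = [json.dumps(header).encode(), json.dumps(claims).encode(),
                b"placeholder-signature"]
    return ".".join(b64url_encode(s) for s in segments)

# Constructed sample: header and claims copied from the article; the issuer URL
# is a placeholder because the article's "iss" value is truncated.
HEADER = {"kid": "65804645-989e-4833-8dd7-f17c7782ea00", "alg": "RS256"}
CLAIMS = {"sub": "CN=myname,OU=myuser,O=myorganization",
          "aud": "c11d5f88-3bba-4a66-8faf-58d6bbb8547z",
          "iss": "https://issuer.example", "exp": 1540227660, "iat": 1540223760}
SAMPLE = build_sample(HEADER, CLAIMS)

if __name__ == "__main__":
    print(classify_token(SAMPLE))
```

A token that passes this check still has to have its RS256 signature verified against the issuer's public key identified by "kid" before any claim is trusted.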